1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

My log files

By massguy35 ยท 20 replies
Jan 30, 2009
  1. Not sure how bad i am now...I think I got rid of all the bad stuff

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    1. Start> Run> msconfig> enter> Selective Startup Startup tab> UNCHECK all Ask- related processes> Apply> OK.
    2. Control Panel> Add/Remove Programs> UNINSTALL all Ask-related entries.
    3. Remove ALL of the following from the Trusted Zone:
    Open Internet Explorer> Tools> Internet Options> Security tab> Trusted Sites> Sites> find each of the following processes> click to highlight> Remove
    When through, reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

    Update and scan with Malwarebytes again.

    Run SDFix:
    * Download SDFix HERE and save it to your Desktop.
    * Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Boot into Safe Mode
    * Restart your computer and start pressing the F8 key on your keyboard.
    * Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run SDFix
    Rescan with HijackThis when through. Attack reports and log.
  3. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    New logs

    Also I got an error message trying to remove askbar from the control panel

    Error loading C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll
    The specified module could not be found

    Never got the nag message when rebooting
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have to UNCHECK the entries on the startup menu before you can uninstall it. But I don't see any processes from Ask loading.

    IF you don't change anything, you don't get the nag message,

    Did you remove these from the Trusted Zone?
    Remove then again, then put each on in the Restricted Zone. type in exactly like it is above: for instance, type this in *.virusremover2008.com

    Run one more HijackThis scan and attach the log. If those URLs in Safe Mode have been handled, we will remove the cleaning tools
  5. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    There are no Ask processes to check.
    When I go in to explorer it does not show any of those as trusted sites(I did remove them all before) When I try to add them to the restricted list I get a message saying The site you specified already exists in another zone. Please romove the site from that zone before adding it to the current zone.

    But like I said its does not show up on the trusted sites list.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, let see if they're hiding:

    Control Panel> Folder options> View tab> CHECK 'show hidden files and folders'> Apply> OK.

    Now go to Trusted Sites and see if they show. We need to find them because they should not have Trusted Zone privileges. If we can't find them, I'll see if one of our code writers can assist. If you are able to remove from Trusted then put in Restricted, when through, go back and re-hide the files and folders.
  7. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    That didn't work

    Any more help?

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Like all mortals can ,I fell ill. I have been away from the computer for over 3 weeks. Sorry no one else came to help.

    Please update and run Malwarebytes again, follow with new scan with HijackThis. Attach both logs.
  9. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    you need to run smith fraud fix bobbye should be able to help you with that
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry this post may be classed as unrelated to topic, but...

    Bobbye, I really was worried (ie BD went then you?)
    Sorry to hear you were ill, I hope you are either ok now, or on the mend :grinthumb
    Really hoping we do see more of your excellent and highly appreciated support posts
    Pretty sure you're the best here at Virus\Malware removal help :)
  11. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    I'm sorry to hear that you were ill......I feel like an *** now.......sorry

    Here they are

    Attached Files:

  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well nothing bad in HJT log
    Bu Malwarebytes (updated :grinthumb) was only run for 4mins - quick scan :(

    This program runs for 10 mins ;) And it's very good at catching undetected malware, please run this:

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply
  13. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    I think I have this right

    Can you give this a shot?
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You have a lot of Spyware protecting programs installed
    I'll name a few that I can see:
    Could be more, but you should uninstall the lot. Except leave Avira and Malwarebytes installed only

    Then run the AVG8 removal tool

    Then Restart

    Then update Avira
    Then run a full scan
  15. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    ok did all that

    here is the log file
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Start->Run-> combofix /u

    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    It seems to be clean, but do this anyway

    CCleaner to remove all temp files (by the way this program has just updated, download and run install again)
    CCleaner and click the Registry button (on far left in the program) "Scan for issues" Fix all, no backup necessary
    Then do the "Scan for issues" again, Fix all, and keep doing this until clean

    Then download Kcleaner
    Default settings is good, but I actually select all items (therefore all is good)
    Start that, and remove more temp stuff

    Then, restart
    Then report on findings
  17. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19

    Everything seemed to go as you told me it would.....nothing had log files so I guess I am clean?

    I inherited a toshiba satellite m305 running vista. Should I run the same steps on this too?
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I haven't seen the HJT log, but if all has come up clean then that's good
    Yes you could start from the start on the new computer and do the above :)
    Obviously the specific issues will be different, but good idea to run the scans
  19. massguy35

    massguy35 TS Rookie Topic Starter Posts: 19


    Here is my log
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    All of a sudden you have Bittorent installed (this was not in your original log)

    Bittorent is a filesharing program and basically allows insecurity to your system, plus it is usually used by many younger (and sometimes older) individuals, to download software and music\movies etc from other individuals. Which usually carries malware (or should I say always, or just about always)

    So therefore I cannot see you ever being "clean" with this installed
    Your choice of course, but there's no use me continuing on with this installed.

    You also have RelevantKnowledge installed. This was installed with Kcleaner I recommended. There may have been some confusion when I said default settings - I meant when the program is initially running and you are given the options on what to tick and untick. But during the installation of Kcleaner, RelevantKnowledge was not required (it was stated as OPTIONAL install)

    No issue, just uninstall it
    But you will need to run Malwarebytes again (update it manually first) then do a full scan. It should remove the remaining RelevantKnowledge entries

    I have since reworded my try Kcleaner to say uncheck RelevantKnowledge during install, actually I even created a Pic (It needs a little work still ;) )
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks kimsland for helping. Got home from hospital yesterday, it will take a bit to get up to speed.

    massguy, when you are cleaning malware from a system, you shouldn't be adding programs or updates, unless the person helping is specifically telling you to. I looked over the HijackThis logs and see new processes in each. Follow Kim's help. You have a lot of unnecessary processes running and I also agree, overkill in security programs.

    I found this "Askbar Removal Tool". It is hard to find and remove all it's entries. I haven't used this removal so let us know how it works for you.

    When the system is clean, we have you remove all the cleaning tools and old restore points.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...